search

The Real Deal Logo

Trending

Pinnacle Bank buys back Fort Worth office tower for $12 per sf Pinnacle Bank buys back Fort Worth office tower for $12 per sf Blackstone sells huge industrial portfolio in NYC, New JerseyBlackstone sells huge industrial portfolio in NYC, New JerseyGoldman Sachs and Ballast ready to surrender SF apartments to lenderGoldman Sachs and Ballast ready to surrender SF apartments to lender“Multifamily is in the crosshairs”: Execs talk distress, opportunities at Milken conference“Multifamily is in the crosshairs”: Execs talk distress, opportunities at Milken conference
Politics
Texas

Dallas appraisal district paid $170K in ransomware hit

Royal Ransomware tried to extort taxing district for $1 million

Dallas Central Appraisal District's Chief Appraiser Ken Nolan
Dallas Central Appraisal District's Chief Appraiser Ken Nolan (LinkedIn, Getty)
By
Feb 8, 2023, 9:00 AM

The Dallas Central Appraisal District had to pay $170,000 in a ransomware attack in November.

The taxing district was attacked by the world’s most infamous cyber extortion group, but its website is back online.

A screenshot of an introductory alert by Royal Ransomware
A screenshot of an introductory alert by Royal Ransomware (Fortinet)

On Election Day 2022, all 300 of the district’s desktop computers were frozen. Emails didn’t work, and the website was gone, the Dallas Morning News reported. All they could see was an extortion note from Royal Ransomware.

“We are Royal Ransomware, and if you’re reading this note, we’ve taken control of your systems. We can help you guys. We just need some money,” it read.

“We were scared to death to touch anything,” Dallas County Chief Appraiser Ken Nolan told the outlet. 

The attack brought the office’s operations to a grinding halt for the following 72 days. Some 90 percent of the office data exists online with almost no paper copies.

An example of the instructions Royal Ransomware gives to its victims
An example of the instructions Royal Ransomware gives to its victims (Fortinet)

The attack was likely triggered by an employee falling for a phishing email, Nolan deduced. 

Sign Up for the undefined Newsletter

The hackers demanded almost $1 million, so Nolan went to the FBI, which has teams focused on catching hackers and helping victims recover their data, without paying the ransom, if possible. Nolan, with the board’s approval and the advice of cyber security company Cylance, hired a third-party vendor to negotiate with the cyber terrorists.

Nolan wanted to pay as little as possible and still have data returned for the 840,000 property records that DCAD handles

“We paid substantially less than what they were asking,” Nolan told the outlet, adding that it was a “miniscule” portion of the district’s $34 million budget.

DCAD paid the attackers $170,000 in bitcoin via the negotiators. The money came from a rarely used calamity reserve fund

Dallas isn’t the first Texas city targeted by Royal. The Travis County Appraisal District in Austin was also attacked in December for a second time, following 2019 attack.

DCAD is close to being back to normal, but still has to catch up on homestead exemptions and get the mobile version of the site back up and running.

 — Victoria Pruitt

Read more

Companies and People
Dallas Central Appraisal DistrictFBIKen Nolan